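<?php
	// Privilege management for the logged-in patient: lets them grant other
	// users ("doctors") access to their record, change the access type, or
	// search for a user to add.
	//
	// Every write is scoped to $_SESSION['userId'] as the patientID, so a
	// client can only edit grants on its own record. This file does not itself
	// verify that a session user exists, nor does it check a CSRF token on the
	// POST handlers — NOTE(review): confirm index.php enforces both before it
	// includes this page.
	//
	// The legacy ext/mysql API (no prepared statements) is kept because the
	// connection is opened elsewhere; every request/session value is passed
	// through mysql_real_escape_string() before being interpolated into SQL.
	// Migrating to PDO/mysqli prepared statements is the preferred long-term fix.

	$flag = true;  // true => render the current-privileges table (default view)

	// Escaped copies of the two values every handler interpolates into SQL.
	$sessionUserSql = mysql_real_escape_string(isset($_SESSION['userId']) ? (string) $_SESSION['userId'] : '');
	$targetUserSql  = mysql_real_escape_string(isset($_POST['id']) ? (string) $_POST['id'] : '');

	if (isset($_POST['searchDoctor'])) {
		// Search mode: the body shows search results instead of the grant table.
		$flag = false;
	} else if (isset($_POST['addDoctor'])) {
		// Grant the chosen user access unless a grant for them already exists.
		$sql = "SELECT COUNT(*) FROM privileges WHERE userID = '".$targetUserSql."' AND patientID = '".$sessionUserSql."'";
		$result = mysql_query($sql);
		$count = $result ? mysql_fetch_array($result) : false;
		if ($count && $count[0] > 0) {
			// Duplicate grant: report it instead of inserting a second row.
			echo '<script language="javascript">alert("Connection Already Exist With That User");</script>';
		} else {
			// New grants always start as ReadOnly (type 1).
			$sql = "INSERT INTO privileges (userID, patientID, type) VALUES ('".$targetUserSql."', '".$sessionUserSql."', '1')";
			$result = mysql_query($sql);
		}
	} else if (isset($_POST['changeType'])) {
		// Only the two types the form offers (1 = ReadOnly, 2 = Read/Write) are
		// accepted. Anything else — notably 3, which the rendering code labels
		// "Owner" — is rejected so a tampered request cannot escalate a grant.
		$newType = isset($_POST['tuser']) ? (string) $_POST['tuser'] : '';
		if (in_array($newType, array('1', '2'), true)) {
			$sql = "UPDATE privileges SET type= '".$newType."' WHERE userID = '".$targetUserSql."' AND patientID = '".$sessionUserSql."'";
			$result = mysql_query($sql);
		}
	}
?>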
<script type="text/javascript">
	function confirmar(){
		return confirm("Are you sure you want to change the privileges with that user?");
	}
</script>

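		<?php
		// Page body: by default the table of grants on the session user's own
		// record; after a search, the list of matching users with an "Add" button.
		// $patientID is set by the including page (index.php), not here — it is
		// only used to build the form action URLs. Every value rendered into
		// HTML is escaped with htmlspecialchars(); every value interpolated into
		// SQL goes through mysql_real_escape_string() (ext/mysql has no prepared
		// statements — migrating to PDO/mysqli is the longer-term fix).
		$patientIdAttr = htmlspecialchars(isset($patientID) ? (string) $patientID : '', ENT_QUOTES, 'UTF-8');

		if ($flag) {
			// Grants the session user has handed out. The owner row (type 3) is
			// excluded because it is not editable from this page.
			$id = isset($_SESSION['userId']) ? (string) $_SESSION['userId'] : '';
			$sql = "SELECT p.id AS privid, u.username, p.type, u.id FROM users u, privileges p WHERE u.id = p.userID  AND p.type != '3'	AND p.patientID = '".mysql_real_escape_string($id)."'";
			$result = mysql_query($sql);

			if ($result && mysql_num_rows($result) > 0) {
				echo '<table width=80% border=0 class="tabla1">
							<tr><th colspan=5>Current Privileges</th></tr>
							<tr><th>Username</th><th>Type</th><th>Change Type</th><th>Change</th><th>Delete</th></tr>';
				while ($row = mysql_fetch_assoc($result)) {
					echo '<form name="editDoc" action="index.php?mode=manageprivileges&id='.$patientIdAttr.'" method="post">';

					// Label for the stored type code; unknown codes are shown as
					// such rather than silently mapped to a real level.
					switch ($row['type']) {
						case '3':
							$typestr = "Owner";
						break;
						case '2':
							$typestr = "Read/Write";
						break;
						case '1':
							$typestr = "ReadOnly";
						break;
						default:
							$typestr = "Unknown";
						break;
					}

					$username   = htmlspecialchars((string) $row['username'], ENT_QUOTES, 'UTF-8');
					$userIdAttr = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');
					$privIdAttr = htmlspecialchars((string) $row['privid'], ENT_QUOTES, 'UTF-8');
					// Pre-select the row's current type so that clicking "Change"
					// without touching the dropdown does not silently downgrade a
					// Read/Write grant to ReadOnly.
					$rwSelected = ((string) $row['type'] === '2') ? ' selected="selected"' : '';
					$roSelected = ((string) $row['type'] === '2') ? '' : ' selected="selected"';

					echo '<tr><td>'.$username.'</td><td>'.$typestr.'</td>';
					echo '<td><select name="tuser" size="1">
							<option value="2"'.$rwSelected.'>Read/Write</option>
							<option value="1"'.$roSelected.'>ReadOnly</option>
						</select></td>';
					echo '<td><input type="hidden" name="id" id="id" value="'.$userIdAttr.'"/><input type="submit" name="changeType" id="changeType" value="Change" onclick="return confirmar();"/></td>';
					// NOTE(review): deletion is a plain GET link handled by
					// mode=deleteitem (outside this file). A state-changing GET is
					// trivially CSRF-able — confirm that handler checks ownership of
					// the privilege row, and consider making it a POST with a token.
					echo '<td><a href="index.php?mode=deleteitem&itemtype=Privilege&itemid='.$privIdAttr.'">Delete</a></td></tr></form>';
				}
				echo '</table>';
			}
		} else if (!$flag && isset($_POST['searchDoctor'])) {
			// Username substring search. The form only checks for a non-empty
			// term client-side, so it is re-checked here: a blank term would
			// otherwise match (and list) every user.
			$term = isset($_POST['buser']) ? (string) $_POST['buser'] : '';
			echo '<table width=80% border=0 class="tabla1"><tr><th colspan=2>Users found</th></tr><tr><td>Username</td><td>Add</td></tr>';
			if (trim($term) !== '') {
				$sql = "SELECT username, id FROM users WHERE username LIKE '%".mysql_real_escape_string($term)."%'";
				$result = mysql_query($sql);
				while ($result && ($row = mysql_fetch_assoc($result))) {
					$username   = htmlspecialchars((string) $row['username'], ENT_QUOTES, 'UTF-8');
					$userIdAttr = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');
					echo '<form name="addDoc" action="index.php?mode=manageprivileges&id='.$patientIdAttr.'" method="post">';
					echo '<tr><td>'.$username.'</td>';
					echo '<td><input type="hidden" name="id" id="id" value="'.$userIdAttr.'"/><input type="submit" name="addDoctor" id="addDoctor" value="Add"/></td></tr></form>';
				}
			}
			echo '</table>';
		}
		echo '<br/>';
		?>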
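		<!-- Search form. $patientID comes from the including page and is
		     HTML-escaped before being placed in the action URL. The non-empty
		     check on the button is client-side only; the server re-checks it. -->
		<form action="index.php?mode=manageprivileges&id=<?php echo htmlspecialchars(isset($patientID) ? (string) $patientID : '', ENT_QUOTES, 'UTF-8'); ?>" method="post">
		<table width=80% border=0 class="tabla1">
			<tr><th colspan=3>Add a privilege</th></tr>
		  <tr>
			<td><label for="buser">Doctor Username: </label></td>
			<td><input type="text" class="reqd" name="buser" id="buser"/></td>
			<td><input type="submit" value="Search" class="boton" onclick="return document.getElementById('buser').value != '';" name="searchDoctor" id="searchDoctor"/></td>
		  </tr>
		</table>

		</form>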
	</td>
	</tr>
	</table>